| commit | 556c62f93535c606122b22e7e843d9da9a1cd438 | |
| author | Volker Lendecke <vlendec@samba.org> | |
| Thu, 23 Oct 2003 16:49:46 +0000 (23 16:49 +0000) | ||
| committer | Volker Lendecke <vlendec@samba.org> | |
| Thu, 23 Oct 2003 16:49:46 +0000 (23 16:49 +0000) | ||
| tree | 34246724abd5a0a529f5f4d723772f241088d17b | treesnapshot (tar.gz zip) |
| parent | 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a | commitdiff |
After a phonecall with jra finally commit this.
This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.
I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.
Volker
This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.
I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.
Volker
| source/lib/afs.c | diffblobblamehistory | |
| source/lib/util_sec.c | diffblobblamehistory |